What Do HIPAA Standards Mean for You?
HIPAA Security Rules
HIPAA (the Health Insurance Portability and Accountability Act) is made up of four rules. For a HIPAA eCommerce platform the one that matters most is the Security Rule, which is organized into three groups of safeguards: administrative, physical, and technical. Each group carries its own standards and implementation specifications. Engaging a HIPAA consultant early is a sensible first step toward meeting them, but the platform team still has to implement the controls and be able to show evidence that they work.
The technical safeguards draw the most attention. The Security Rule lists five of them: access control, audit controls, integrity, person or entity authentication, and transmission security. Transmission security means encrypting data in transit, today with TLS (the successor to SSL); data at rest has to be encrypted separately, because TLS protects nothing once the bytes reach the database or a backup. Access control and authentication mean that unauthorized users and unauthorized machines cannot reach protected health information (PHI) at all: every user gets a unique identifier, and a HIPAA eCommerce application grants each one only the capabilities their role requires. Note that encryption is an "addressable" specification under the rule, which does not make it optional: an organization that chooses not to encrypt must document why and what equivalent measure it uses instead.
The audit controls also require extensive logging of activity around PHI: what data was accessed, who accessed it, and when. The application should also log changes to the data, recording the old and new values, so that responsibility for a change can be established and an internal privacy breach can be investigated from the record rather than guessed at. Failed access attempts belong in the log as well, since they are often the first sign of a problem.
All of this is hard to reconstruct by hand after the fact. The eCommerce application itself therefore needs to log every interaction with PHI, enforce encryption in transit, and protect data at rest. The audit log itself needs the same protection as the data it describes, both because it will contain PHI and because an attacker who can edit the log can hide what they did.
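The following is an added example, written for this page and not code from Clarity's platform, showing the two application-level safeguards described above in working form: role-based access control on PHI records, and an audit log that records who did what to which record and when, including denied attempts and the before/after values of changes. It goes one step beyond the text by chaining each log entry to the previous one with an HMAC so that any edited, deleted or reordered entry is detectable. The roles, the permission table, the record IDs and the audit key are all constructed for the example; in a real deployment the key would come from a KMS or HSM, and encryption in transit (TLS) and at rest (database or disk encryption) would be handled by the infrastructure rather than by this code.

```python
"""Added example for this page: role-based access control plus a tamper-evident
audit log for PHI records. Standard library only. The roles, permissions,
record IDs and audit key below are constructed, not taken from any product."""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed role -> permitted-action table (an assumption for this example).
PERMISSIONS = {
    "clinician": {"read", "update"},
    "billing": {"read"},
    "support": set(),   # may use the site, never touches PHI
}

# Fields covered by each entry's MAC; "prev_hash" chains entries together.
AUDITED_FIELDS = ("seq", "ts", "actor", "role", "action", "record_id",
                  "outcome", "before", "after")
GENESIS = "0" * 64


class AccessDenied(PermissionError):
    """Raised when a role lacks the requested action on a PHI record."""


class PHIStore:
    """In-memory PHI record store in which every access attempt is audited."""

    def __init__(self, audit_key):
        self._records = {}
        self._log = []
        self._key = audit_key      # constructed; would live in a KMS/HSM
        self._prev = GENESIS

    def _mac(self, prev_hash, body):
        msg = (prev_hash + body).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    @staticmethod
    def _canonical(entry):
        return json.dumps({k: entry[k] for k in AUDITED_FIELDS}, sort_keys=True)

    def _audit(self, actor, role, action, record_id, outcome,
               before=None, after=None):
        entry = {
            "seq": len(self._log),
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "role": role, "action": action,
            "record_id": record_id, "outcome": outcome,
            "before": before, "after": after,
            "prev_hash": self._prev,
        }
        entry["hash"] = self._mac(self._prev, self._canonical(entry))
        self._log.append(entry)
        self._prev = entry["hash"]

    def _authorize(self, actor, role, action, record_id):
        if action not in PERMISSIONS.get(role, set()):
            # Denied attempts are logged too; they are the interesting ones.
            self._audit(actor, role, action, record_id, "denied")
            raise AccessDenied(f"{actor} ({role}) may not {action} {record_id}")

    def read(self, actor, role, record_id):
        self._authorize(actor, role, "read", record_id)
        rec = self._records.get(record_id)
        self._audit(actor, role, "read", record_id,
                    "ok" if rec is not None else "not_found")
        return dict(rec) if rec is not None else None

    def update(self, actor, role, record_id, changes):
        self._authorize(actor, role, "update", record_id)
        before = dict(self._records.get(record_id, {}))
        after = {**before, **changes}
        self._records[record_id] = after
        # Old and new values go into the log so "who changed what" is answerable.
        self._audit(actor, role, "update", record_id, "ok", before, dict(after))
        return dict(after)

    def entries(self):
        return [dict(e) for e in self._log]

    def verify_log(self):
        """Recompute the HMAC chain; an edited, removed or reordered entry fails."""
        prev = GENESIS
        for e in self._log:
            if e["prev_hash"] != prev:
                return False
            expected = self._mac(prev, self._canonical(e))
            if not hmac.compare_digest(expected, e["hash"]):
                return False
            prev = e["hash"]
        return True


if __name__ == "__main__":
    store = PHIStore(b"demo-audit-key")   # constructed key for the demo
    store.update("dr_lee", "clinician", "pt-1001", {"dob": "1980-01-01"})
    store.read("dr_lee", "clinician", "pt-1001")
    try:
        store.read("helpdesk", "support", "pt-1001")
    except AccessDenied as exc:
        print("blocked:", exc)
    print("chain intact:", store.verify_log())
    for e in store.entries():
        print(e["seq"], e["ts"], e["actor"], e["action"], e["outcome"])
```

Two design points are worth noting. Authorization is checked before the record is even looked up, so a denied caller learns nothing about whether the record exists. And because the log stores before/after values it contains PHI itself; in production it would be written to append-only storage with the key held outside the application, and it needs the same access restrictions and encryption at rest as the records it describes.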
The eCommerce platform itself must be configured and validated to be compliant. Clarity uses a highly regarded tool to perform much of this periodic auditing and review. The software checks for the most common protective controls and produces a summary report that serves as evidence during security audits and HIPAA eCommerce compliance verification. Such a report supports, but does not replace, the documented risk analysis that the Security Rule requires of every covered entity and business associate.